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Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of 
claims in the application: 

Listing of Claims: 

1 . (Currently amended) An information processor to analyze the right 
of access to a database having a data file in a form of a structured document, 
the information processor comprising: 

a database storing an XML document; 

a preliminary access rights analysis device which decides, based on path 

expressions describing retrieval conditions used in retrieval for the database 
and an access control policy describing access control rules, to which one of 

1) always permitted, 

2) always denied, and 

3) indeterminate 

access right in the database retrieval using the path expressions corresponds, 
said preliminary access rights analysis device deciding said access rights 
without retrieving said XML document if said access right is always permitted or 
always denied, and wherein if said access right is indeterminate, then said 
database retrieval system accessing said XML document to determine an 
access right: 
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a query automaton generation unit for generating a query automaton 
from a path expression in which a retrieval condition for the database is 
described , wherein said path expression is extracted from a query requesting 
access to said database ; 

an access control automaton generation unit for generating an access 
control automaton from an access control policy in which an access control rule 
is described; and 

a l og i c an operation unit having instructions for deciding access rights in 
database retrieval using the path expression by performing Jeg4e operations 
related to the query automaton generated by the query automaton generation 
unit and the access control automaton generated by the access control 
automaton generation uniLwithout accessing said data file stored in said 
database , said operation unit also having instructions for issuing a decision 
which allows access, or does not allow access, to said data in response to said 
ouerv; 

a path expression extraction unit for extracting the path expressions from 
a guerv expression specifying a retrieval method for the database; and 

a guerv expression access right decision unit for deciding access rights 

in the database retrieval by the query expression based on decision results of 
access rights, which are obtained by the operation unit, for the individual path 
expressions extracted from the guerv expression . 
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2. (Currently Amended) The information processor of claim 1 , further 
comprising a schema automaton generation unit for generating a schema 
automaton from a schema showing a structure of the data file stored in the 
database wherein the logic operation unit performs decision of the access right 
in consideration for the schema automaton generated by the schema 
automaton generation unit. 

3. (Original) The information processor of claim 2, further comprising a 
path table control unit for controlling path table describing paths of the data file 
stored in the database wherein the schema automaton generation unit 
generates the schema automaton from the path table controlled by the path 
table control unit. 

4. (Cancelled) 

5. (Cancelled) 

6. (Currently Amended) An information processor which analyzes 
access rights to a database having a data file comprising a structured 
document, the information processor comprising: 

a database storing an XML document; 
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a preliminary access rights analysis device which decides, based on path 

expressions describing retrieval conditions used in retrieval for the database 
and an access control policy describing access control rules, to which one of 

1) always permitted, 

2) always denied, and 

3) indeterminate 

aft access right in the database retrieval using the path expressions 
corresponds, said preliminary access rights analysis device deciding said 
access rights without retrieving said XML document if said access right is 
always permitted or always denied, and wherein if said access right is 
indeterminate, then said database retrieval system accessing said XML 
document to determine an access right; 

a guery automaton generation unit for generating a guery automaton 

from a path expression in which a retrieval condition for the database is 
described, wherein said path expression is extracted from a guery reguesting 
access to said database; 

an access control automaton generation unit for generating an access 
control automaton from an access control policy in which an access control rule 
is described; 

an operation unit having instructions for deciding access rights in 

database retrieval using the path expression by performing operations related to 
the ouerv automaton generated bv the query automaton generation unit and the 
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access control automaton generated by the access control automaton 
generation unit, without accessing said data file stored in said database, said 
operation unit issuing a decision which allows access, or does not allow access, 
to said data in response to said guery; 

a path expression extraction unit for extracting the path expressions from 

a guery expression specifying a retrieval method for the database; 

a guery expression access right decision unit for deciding access rights 

in the database retrieval by the guery expression based on decision results of 
access rights, which are obtained by the operation unit, for the individual path 
expressions extracted from the query expression: 

a path table control unit for controlling a path table describing paths of a 

data file stored in the database; and 

an access right decision unit for selecting a predetermined path in the 
path table controlled by the path table control unit by a path expression 
describing a retrieval condition for the database, applying an access control 
policy describing access control rules and deciding an access right in database 
retrieval by the path expression with respect to the predetermined path; 

a path expression extraction unit for extracting the path expressions from 
a guery expression specifying a retrieval method for the database; and 

a guery expression access right decision unit for deciding access rights 
in the database retrieval by the guery expression based on decision results of 
access rights, which are obtained bv the access right decision unit, for the 
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individual path expressions extracted from the query expression , said selecting, 
applying,, and deciding , extracting, and deciding being performed prior to 
retrieving said structured document in said database. 

7. (cancelled) 

8. (Cancelled) 

9. (Cancelled) 

1 0. (Currently amended) A database retrieval system, comprising: 
a database storing an XML document; aftd 

a preliminary access rights analysis device which decides, based on path 
expressions describing retrieval conditions used in retrieval for the database 
and an access control policy describing access control rules, to which one of 

1) always permitted, 

2) always denied, and 

3) indeterminate 

aft access right in the database retrieval using the path expressions 
corresponds, said preliminary access rights analysis device deciding said 
access rights without retrieving said XML document if said access right is 
always permitted or always denied, and wherein if said access right is 

Page 7 of 16 



Appl. No. 1 0/735,837 

Amdt. Dated August 12, 2009 

Reply to Notice of August 4, 2009 



indeterminate, then said database retrieval system accessing said XML 
document to determine an access right; 

a Query automaton generation unit for generating a guerv automaton 
from a path expression in which a retrieval condition for the database is 
described, wherein said path expression is extracted from a guerv reguesting 
access to said database; 

an access control automaton generation unit for generating an access 

control automaton from an access control policy in which an access control rule 
is described: 

an operation unit having instructions for deciding access rights in 
database retrieval using the path expression by performing operations related to 
the guerv automaton generated by the query automaton generation unit and the 
access control automaton generated by the access control automaton 
generation unit, without accessing said data file stored in said database, said 
operation unit issuing a decision which allows access, or does not allow access, 
to said data in response to said query; 

a path expression extraction unit for extracting the path expressions from 
a guerv expression specifying a retrieval method for the database; and 

a guerv expression access right decision unit for deciding access rights 

in the database retrieval by the query expression based on decision results of 
access rights, which are obtained by the operation unit, for the individual path 
expressions extracted from the ouerv expression . 
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11. (cancelled) 

12. (Cancelled) 

13. (Original) The database retrieval system of claim 10, further 
comprising the access rights analysis device including: 

a path table control unit for controlling a path table describing paths of a 
data file stored in the database; and 

an access right decision unit for selecting a predetermined path in the 
path table controlled by the path table control unit by a path expression 
describing a retrieval condition for the database, applying the access control 
policy describing the access control rules and deciding an access right in 
database retrieval by the path expression with respect to the predetermined 
path. 

14. (Cancelled) 

1 5. (Currently amended) An access rights analysis method for 
analyzing the right of access to a database storing an XML document by use of 
a computer, comprising the steps of: 
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storing an XML document in a database; 

deciding, based on path expressions describing retrieval conditions used 

in retrieval for the database and an access control policy describing access 
control rules, to which one of 

1) always permitted, 

2) always denied, and 

3) indeterminate 

access right in the database retrieval using the path expressions corresponds, 
using a preliminary access rights analysis device, said preliminary access rights 
analysis device deciding said access rights without retrieving said XML 
document if said access right is always permitted or always denied, and wherein 
if said access right is indeterminate, then said database retrieval system 
accessing said XML document to determine an access right; 

generating a guery automaton from a path expression in which a retrieval 
condition for the database is described, generating an access control 
automaton from an access control policy in which an access control rule is 
described and storing the generated query automaton and access control 
automaton in a predetermined storage means , the path expression being 
derived from a received query ; ansl 

performing Ieg4e operations related to the query automaton and the 
access control automaton, which are stored in the predetermined storage 
means, and deciding an access right in database retrieval using the path 
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expression without checking the XML documents stored in the database , and 
issuing a decision allowing access or not allowing access to said database; 

extracting the path expressions from a query expression specifying a 
retrieval method for the database using a path expression extraction unit; and 

deciding access rights in the database retrieval by the guerv expression 

based on decision results of access rights for the individual path expressions 
extracted from the guerv expression using a guerv expression access right 
decision unit; 

16. (Cancelled) 

17. (Currently Amended) A computer readable medium encoded with a 
computer program for analyzing the right of access to a database handling a 
data file as a structured document, by controlling a computer, the program 
causing the computer to function as: 

a database storing an XML document; 

a preliminary access rights analysis device which decides, based on path 
expressions describing retrieval conditions used in retrieval for the database 
and an access control policy describing access control rules, to which one of 

1) always permitted, 

2) always denied, and 

3) indeterminate 
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access right in the database retrieval using the path expressions corresponds, 
said preliminary access rights analysis device deciding said access rights 
without retrieving said XML document if said access right is always permitted or 
always denied, and wherein if said access right is indeterminate, then said 
database retrieval system accessing said XML document to determine an 
access right; 

a guery automaton generation means for generating a guery automaton 
from a path expression in which a retrieval condition for the database is 
described , wherein said path expression is extracted from a guery reguesting 
access to said database : 

an access control automaton generation means for generating an access 
control automaton from an access control policy in which an access control rule 
is described; and 

a l og i c an operation means with instructions for deciding access rights in 
database retrieval using the path expression by performing operations related to 
the generated guery automaton and access control automaton, without 
accessing said data file , said operation means also having instructions for 
issuing a decision which allows access, or does not allow access, to said data 
in response to said guery; 

a path expression extraction means for extracting the path expressions 
from a guery expression specifying a retrieval method for the database; and 
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a query expression access right decision means for deciding access 

rights in the database retrieval by the query expression based on decision 
results of access rights for the individual path expressions extracted from the 
query expression . 

18. (Cancelled) 

1 9. (Currently Amended) A program for analyzing the right of access to 
a database handling a data file, described in a form of a structured document, 
by controlling a computer, the program allowing the computer to function as: 
a database storing an XML document; 

a preliminary access rights analysis device which decides, based on path 

expressions describing retrieval conditions used in retrieval for the database 
and an access control policy describing access control rules, to which one of 

1) always permitted, 

2) always denied, and 

3) indeterminate 
access right in the database retrieval using the path expressions corresponds, 
said preliminary access rights analysis device deciding said access rights 
without retrieving said XML document if said access right is always permitted or 
always denied, and wherein if said access right is indeterminate, then said 
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database retrieval system accessing said XML document to determine an 
access right; 

a Query automaton generation unit for generating a guerv automaton 
from a path expression in which a retrieval condition for the database is 
described, wherein said path expression is extracted from a guerv reguesting 
access to said database; 

an access control automaton generation unit for generating an access 

control automaton from an access control policy in which an access control rule 
is described: 

an operation unit having instructions for deciding access rights in 
database retrieval using the path expression by performing operations related to 
the guerv automaton generated by the query automaton generation unit and the 
access control automaton generated by the access control automaton 
generation unit, without accessing said data file stored in said database, said 
operation unit also having instructions for issuing a decision which allows 
access, or does not allow access, to said data in response to said guerv; 

a path table control means for controlling a path table describing paths of 
a data file stored in the database; an4 

an access right decision means for selecting a predetermined path in the 
path table controlled by the path table control unit by a path expression 
describing a retrieval condition for the database, applying an access control 
policy describing access control rules and deciding the presence of an access 
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right in database retrieval by the path expression with respect to the 
predetermined path without accessing said data file; 

a path expression extraction means for extracting the path expressions 
from a query expression specifying a retrieval method for the database; and 

a query expression access right decision means for deciding access 

rights in the database retrieval by the query expression based on decision 
results of access rights for the individual path expressions extracted from the 
query expression . 

20. (Cancelled) 

21. (Cancelled) 
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